b914b210f63a25cf587d65f0710636a5

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - Philippines

Plugin Output

Suspicious PEiD Signature: tElock 0.98 -> tHE EGOiSTE (h)
Suspicious The PE is possibly packed. Unusual section name found:
The PE only has 2 import(s).
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 2007-Apr-12 22:03:44
Suspicious The file contains overlay data. 83898 bytes of data starting at offset 0x8c00.
The overlay data has an entropy of 7.9922 and is possibly compressed or encrypted.
Malicious VirusTotal score: 64/73 (Scanned on 2020-06-16 06:12:46)
DrWeb: Trojan.Siggen3.61286
MicroWorld-eScan: Generic.Malware.Sdld.C44D850D
FireEye: Generic.mg.b914b210f63a25cf
McAfee: Artemis!B914B210F63A
Cylance: Unsafe
Zillya: Worm.LunaStorm.Win32.14
Sangfor: Malware
K7AntiVirus: Trojan ( 000010291 )
Alibaba: Worm:Win32/Mydoom.7edce966
K7GW: Trojan ( 000010291 )
Cybereason: malicious.0f63a2
Arcabit: Generic.Malware.Sdld.C44D850D
Invincea: heuristic
BitDefenderTheta: AI:Packer.C1CA229C21
Cyren: W32/Delfloader.B.gen!Eldorado
Symantec: SMG.Heur!gen
TotalDefense: Win32/Bosbot!generic
TrendMicro-HouseCall: TROJ_DELF.SMUA
Avast: Win32:Malware-gen
Kaspersky: Backdoor.Win32.Delf.cst
BitDefender: Generic.Malware.Sdld.C44D850D
NANO-Antivirus: Trojan.Win32.Delf.fnpcbp
Paloalto: generic.ml
ViRobot: Trojan.Win32.Z.Delf.119738.A
Rising: Backdoor.Delf!1.64C1 (CLOUD)
Ad-Aware: Generic.Malware.Sdld.C44D850D
Emsisoft: Generic.Malware.Sdld.C44D850D (B)
Comodo: Backdoor.Win32.Delf.ste@4wua2l
F-Secure: Trojan.TR/Dropper.Gen
Baidu: Win32.Trojan.Delf.j
VIPRE: Trojan.Win32.Luiha.bn (v)
TrendMicro: TROJ_DELF.SMUA
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.cc
SentinelOne: DFI - Suspicious PE
Trapmine: malicious.moderate.ml.score
Sophos: Troj/Agent-BBLI
Ikarus: Worm.Win32.Lunastorm
F-Prot: W32/Delfloader.B.gen!Eldorado
Jiangmin: Backdoor.Delf.hzu
Webroot: W32.Malware.Gen
Avira: TR/Dropper.Gen
Fortinet: W32/Delf.CST!tr
Antiy-AVL: Trojan[Backdoor]/Win32.Delf
Endgame: malicious (high confidence)
Microsoft: Worm:Win32/Mydoom.PB!MTB
AegisLab: Trojan.Win32.Delf.tpLp
ZoneAlarm: Backdoor.Win32.Delf.cst
Cynet: Malicious (score: 100)
AhnLab-V3: Backdoor/Win32.Delf.R257860
Acronis: suspicious
VBA32: Exploit.Letipig
ALYac: Generic.Malware.Sdld.C44D850D
Malwarebytes: Trojan.Delf
APEX: Malicious
ESET-NOD32: a variant of Win32/LunaStorm.D
Tencent: Malware.Win32.Gencirc.10b07aad
Yandex: Backdoor.Delf!X46tUMiHjC8
MAX: malware (ai score=87)
eGambit: Unsafe.AI_Score_97%
GData: Generic.Malware.Sdld.C44D850D
AVG: Win32:Malware-gen
Panda: Trj/Genetic.gen
CrowdStrike: win/malicious_confidence_80% (W)
Qihoo-360: Win32/Trojan.Delf.B

Hashes

MD5 b914b210f63a25cf587d65f0710636a5
SHA1 9d4f0a25a54cebe6a1b2d33f75ba693f3ec5d561
SHA256 ba7e8ce4ecbf2853c5d67ef7d05f4b11a24a01bf4dce04ca264497bfd3e6f8b2
SHA3 87c0a550c3e3b81c15bc4090dfec2748b4897fa32e01d9b2a9a459a4909835d2
SSDeep 3072:w/qP0m22Xtaz4QQ27q0RVSx/A2qJfScmn5CrHRCJEGhNkoNp0w:+qP0mj9azCnZR5SI1V
Imports Hash 3c0e70bfa5f73f1f1cef484e2bcb5bf8

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0
SizeOfInitializedData 0x1e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00014BD6 (Section: )
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x16000
SizeOfHeaders 0x400
Checksum 0xb256
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 8514eef6b93db657e842f2aebd3d62e7
SHA1 6b79db6670335722b0af026249dc3f6ca1baf36a
SHA256 86ac7ded112fb66f9fe8df0d80d695fc8025f7a6f8c93cf12fb9b1ad9538eebc
SHA3 ba4fe4d09a4256c4241edf5dcb8596ec193bdd5fad37522d27c716ffc39ea1d1
VirtualSize 0xa000
VirtualAddress 0x1000
SizeOfRawData 0x5600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99224

DATA

MD5 ff10994e1511c01417b702135f163e3f
SHA1 c810453baef22412aa632e6cdb99ec3772715f15
SHA256 f9d0ef2c8c8e7532fdd5d2cd37be0a5dbed6cc0436795e00d911f1828126abce
SHA3 f4998e4fecdb3b13bc3b2f0c9ce742a457273d126a3a51e413775afafd510020
VirtualSize 0x1000
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x5a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.53744

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2000
VirtualAddress 0xc000
SizeOfRawData 0
PointerToRawData 0x5c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 7e1c48446495cc9bd209ef599eff66d1
SHA1 2576ab65d1980ed58d0bc1cd15c5f90387daff9c
SHA256 63adf978852730af0e9dd53638e6a399b5518f7333b1af730850e3ce24d58060
SHA3 c5f3d3039158e7f5d49831be8957f84d86bff8e749f8def594250e6e26e903fd
VirtualSize 0x1000
VirtualAddress 0xe000
SizeOfRawData 0x600
PointerToRawData 0x5c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.87167

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1000
VirtualAddress 0xf000
SizeOfRawData 0
PointerToRawData 0x6200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 3dd0b9cb9e8f0be8593c2ad8b5022b2a
SHA1 e8efa0a77cffa24ac0a52fb7a68b4daeee329c23
SHA256 1807de28ab11526fb4cf17b11b1999dfad7fb947eda4a62e18f82dbca78f4550
SHA3 8dadbe6b3a9382c00afcd7e5b9029d8c294f8db1ba7de3e0e8959fca6e23e9d8
VirtualSize 0x2000
VirtualAddress 0x10000
SizeOfRawData 0x200
PointerToRawData 0x6200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.5821

.rsrc

MD5 ee800aa728372d073f997ba111254d12
SHA1 e84683e0e23eb77ed252263e28fda88b6062c7db
SHA256 fce1a73ab0ede4c65b9e4f4f7d222457791378b622a8cd0dda8f4156468daee6
SHA3 95ae720c14c1675c7f2809bb0a9b6c891f945992192c06ea8b5aa1f1b3746582
VirtualSize 0x1000
VirtualAddress 0x12000
SizeOfRawData 0x400
PointerToRawData 0x6400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.75336

MD5 e46dc7f4e8add642a4b802392c3ea3ad
SHA1 aae721d91eb341485c5b6f7e9902d275f472c312
SHA256 dc600cd4044a1f528f50d6747e7313e462797be0b9e8fe87c20a975fa93193b7
SHA3 ba70373ce7f47fedfa8e6d6b153b91ade00396bac3d663ff04589d9d165234a6
VirtualSize 0x3000
VirtualAddress 0x13000
SizeOfRawData 0x2400
PointerToRawData 0x6800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.59694

Imports

kernel32.dll GetModuleHandleA
user32.dll MessageBoxA

Delayed Imports

1

Type RT_ICON
Language English - Philippines
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 2007-Apr-12 22:03:44
Entropy 3.85232
MD5 8738b36430a86192c6c538a84908b4dc
SHA1 d6fc4edac0bdb9cf081ad178589b59506906516f
SHA256 b4a3b4a9e090438c0822540d2807121a7e5734515d6cd1123b3a5df836ea7029
SHA3 fc72bd50b22d47998d3718e4de691971447984af8f6e0fbdeb6836def494449d

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2007-Apr-12 22:03:44
Entropy 3.875
MD5 51b663fad68e3e2ef566cec5bd22bcff
SHA1 84a9f07acec0e402b2a261bbf87996f7ca12b31b
SHA256 d027bbe81ee842151207ba4732498577162e318fee7804f7fcb48dce2a291a28
SHA3 a24547d7b6f62276e4f03052a4c419d22de906d10ac8a456bf9fda3f990d9321

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0xa8
TimeDateStamp 2007-Apr-12 22:03:44
Entropy 6.80524
MD5 0c86ab18d77a4a4adc6667bdeaa3fc53
SHA1 d1944efd80e8831b9e9fa2422833d9d598c52392
SHA256 34be9b592ed901e9e58c31b7ab33073ef18d44cea9519711b9d06f44adaab3a3
SHA3 6a1070105891e46e7b85f18e834ee575225f54b9aa628386ac15b661e750db6e

MAINICON

Type RT_GROUP_ICON
Language English - Philippines
Codepage UNKNOWN
Size 0x14
TimeDateStamp 2007-Apr-12 22:03:44
Entropy 2.06096
Detected Filetype Icon file
MD5 59517c0a5976f364558b42dbb1cabbc8
SHA1 cf9a68a0b175f131381d3d29245441a6f9d53e3d
SHA256 ff04c16f07007618c7723eb538f879f89e297950bfa77ed55d1a19776f312a37
SHA3 5b15005fa45f38fa9716594a7860ddc29a2ef7e6921e99c6e8f3ac5bef203fd6

Version Info

TLS Callbacks

StartAddressOfRawData 0x414fa6
EndAddressOfRawData 0x414fae
AddressOfIndex 0x414fa2
AddressOfCallbacks 0x414f9a
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!